The WannaCry and Petya attacks caught the attention of policymakers as recognition grew that life-saving medical devices could be manipulated or held hostage by malicious actors. Beyond mentions during Congressional hearings and in tweets, we have seen for the first time an interest in pursuing legislative fixes to some of the medical device cybersecurity challenges.

On July 28, Senator Richard Blumenthal (D-CA), brother of former National Coordinator for Health IT, David Blumenthal, introduced the Medical Device Cybersecurity Act of 2017 (S.1656). The bill aims to improve transparency of the cybersecurity capabilities of medical devices by creating a cyber “report card” and mandatory pre-market testing. The bill also enhances remote access protections for medical devices in and outside of the hospital; clarifies that crucial cybersecurity fixes or updates remain free and do not require FDA recertification; provides guidance and recommendations for end-of-life devices, including secure disposal and recycling instructions; and expands the Department of Homeland Security Computer Emergency Readiness Team responsibilities to include the cybersecurity of medical devices.

Both CHIME and AEHIS have endorsed this legislation that addresses a number of the concerns raised by our members over the cybersecurity posture of the thousands of medical devices in use throughout their organizations. While no legislation is perfect, we appreciate Senator Blumenthal’s willingness to shine a light on this critical issue.

CHIME and AEHIS are always seeking input from CIO and CISO members as well as Foundation firms. CHIME public policy routinely sets up workgroups on a variety of topics as rules, regulations and legislation are unveiled. We encourage Foundation firms to check out the weekly Washington Debrief for these opportunities or reach out directly to Mari Savickis, vice president of federal affairs, and me via [email protected] to share the perspective of your organization. We value our partnerships with our Foundation firms, and gathering your insight and leveraging your expertise will make our interactions with, and asks of, policymakers more meaningful.

What does your organization think of Senator Blumenthal’s bill? What cybersecurity issues would you like to see Congress tackle during the remainder of 2017? We’d love to hear from you.

Also, we encourage you to join us on the third Wednesday of each month for the CHIME Foundation Public Policy Update – a 30-minute review of policy developments at the agencies and on Capitol Hill that are of interest to CHIME members and the Foundation. Email [email protected] to get added to the invitation.